Thursday, 6 December 2018
Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018; Second Reading
I table a revised explanatory memorandum relating to the bill and move:
That this bill be now read a second time.
I seek leave to have the second reading speech incorporated in Hansard.
The speech read as follows—
New communications technology, including encryption, is eroding the capacity of Australia's law enforcement and security agencies to investigate serious criminal conduct and protect Australians.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 contains amendments to various legislation to create a package of reforms that strengthens the ability of Australia's law enforcement and national security agencies to deal with the challenges of encryption.
Encryption underpins modern information and communication technology. It is a tool that protects personal, commercial and government information and supports confidence in a secure cyberspace. These technologies allow us to confidently do things like online banking and shopping.
However, serious criminals and terrorists are increasingly misusing and exploiting these technologies.
Terrorist organisations in Australia and overseas are using secure messaging services to obscure their identities and plans from the authorities. For example, ISIL used secure messaging services to plan the November 2015 Paris attacks.
The lack of access to encrypted communications presents an increasingly significant barrier for national security and law enforcement agencies in investigating serious crimes and national security threats.
According to ASIO, encryption has impacted intelligence operations in at least nine out of every 10 of its priority cases.
The AFP advise that encrypted communications have directly impacted around 200 operations conducted by the AFP in the last 12 months, all of which related to the investigation of serious criminality and terrorism offences carrying a penalty of 7 years imprisonment or more.
The uptake of encrypted communications platforms by organised criminal and terrorist groups has been sudden. This represents a seismic shift in the operational environment for our law enforcement and security agencies.
In June 2013, only 3 per cent of internet communications intercepted by ASIO, under warrant, were encrypted. By 1 July 2017, that figure had increased to more than 55 per cent. Most of the material of intelligence value is in the encrypted proportion.
Similarly, more than 90 per cent of data lawfully intercepted by the AFP is now encrypted in some form.
No responsible government can sit by while those who protect our community lose access to the tools they need to do their job. In the current threat environment, we cannot let this problem get worse.
This legislation will not weaken encryption or mandate 'backdoors' into encryption.
The Bill represents a package of measures which will enhance our approach. The Government has undertaken extensive industry and public consultation on the Bill and has made amendments to account for the constructive feedback we received.
Outline of Measures in the Bill
Industry assistance, including technical assistance and technical capability warrants
The supply of communications is a global industry. With major technology providers headquartered overseas, we must work with international partners to adapt to a world characterised by ubiquitous encryption.
The communications industry is in a unique position to assist in tackling the challenges we face.
Encrypted products are developed and applied by a range of private providers – both inside and outside of Australia – and in a range of forms across the communications supply chain.
National security and law enforcement agencies already work cooperatively with industry partners on these issues, to protect Australians.
The Bill seeks to enhance those existing relationships to achieve lawful and non-arbitrary access to available information in the context of serious criminal and national security threats.
It complements the existing obligations of domestic service carriers to provide reasonable assistance to law enforcement under the Telecommunications Act 1997.
The Bill facilitates a multi-level approach to industry assistance, creating a framework to support the wide range of providers that assist law enforcement and intelligence agencies voluntarily, including foreign providers.
This is reinforced and clarified by the creation of two new powers: the technical assistance notice and the technical capability notice.
Technical assistance notices are issued by an agency head or their delegate and will compel assistance that a provider is currently capable of giving.
Technical capability notices are issued by the Attorney-General and can require a company to develop and/or maintain a standing capability to effectively action agency requests.
The Government is not seeking to mandate so-called backdoors. The Bill specifically provides that companies cannot be required to create systemic weaknesses in their encrypted products, or be required to build a decryption capability.
This is also not a new vehicle to collect personal information. Surveillance and interception must be authorised by existing warrants and authorisations, which are subject to their own safeguards, including judicial oversight.
The Bill requires that any obligations within a technical assistance notice and technical capability notice are reasonable, proportionate, practicable and technically feasible. We are not in the business of asking industry to do the impossible.
The legislation provides for cost recovery for complying with new requirements and immunities from civil liability.
Alternative capabilities for law enforcement
Modern information and communications technology has provided more ways to stay connected and store information. These capabilities include a wide variety of electronic protection. Agencies need expanded capabilities to adapt and meet the needs of the evolving digital environment.
To this end, the Bill provides law enforcement agencies with additional powers for overt and covert computer access. Computer access involves the use of software to collect information directly from devices. Commonwealth, State and Territory law enforcement agencies would be able to use this power to investigate offences with a federal aspect.
The Surveillance Devices Act will include a new covert computer access power for law enforcement, like those powers currently available to ASIO. This will enable law enforcement agencies to apply for computer access warrants when investigating serious federal crimes with a maximum penalty of three years or more, including terrorism and child exploitation.
The cross-border storage of information and overseas location of service providers, makes Australia's mutual assistance framework critical in enabling Australian and foreign authorities access to information to inform investigations and obtain evidence. Under that framework, foreign authorities will be able to make a request to the Attorney-General to authorise an eligible law enforcement officer to apply for, and execute, a computer access warrant to assist in a foreign investigation or investigative proceeding.
Amendments will be made to the Crimes Act search warrant framework to ensure law enforcement officers do not have to physically be on premises in order to access a computer under a search warrant.
Amendments to the Customs Act will enable a judicial officer to issue a search warrant authorising the ABF to search a device (such as a smartphone) held on a person. Currently, devices can only be searched when found on a premises.
The Crimes Act and the Customs Act will be amended to increase the maximum penalty for a person who fails to provide assistance to law enforcement in accessing a device, which is the subject of a search warrant. These assistance orders must be issued by a judicial officer. The maximum penalty will be increased to five years. An aggravated offence will be created for serious offences like espionage, terrorism, child exploitation and pornography, with a maximum penalty of 10 years imprisonment.
The increased penalties for non-compliance with orders for access to a device reflects the value of evidentiary material on devices and the fact that persons who have undertaken criminal activity would rather accept the current low penalties than provide data that could be evidence in a more serious prosecution.
Given the increased complexity of devices and higher volumes of data stored, law enforcement agencies will now have 30 days to conduct forensic processes in regards to seized computers and data storage devices. This is an increase on the currently inadequate 14 day timeframe for police forces and 72 hour period for the Australian Border Force.
ASIO is responsible for investigating some of the gravest threats to Australia's national security, including espionage, terrorism and attacks on Australia's defence systems.
ASIO's ability to collect intelligence using traditional means, such as telecommunications interception, is declining due to encryption.
To mitigate this decline, the Bill will introduce a new framework to ensure that persons and bodies who voluntarily assist ASIO are given appropriate legal protections for this assistance. The purpose of this new framework is to give members of the public the highest degree of confidence that they may lawfully help ASIO to protect Australia's national security.
This Bill demonstrates the Government's commitment to ensuring that law enforcement and national security agencies have the tools they need to keep Australians safe. The Government has consulted extensively with industry and the public on these measures and is committed to ensuring that our legislative response to the challenges of an evolving technological landscape is reasonable, proportionate and meets national security and law enforcement needs.